Gregory's Server@thisismissem @vmstan @Gargron
The information is there in the api which known instances could be sampled daily. Only it might get complicated with instances not using Mastodon. Perhaps introducing a unique version code like mstdn.4.x.x or kbin.x.x.x might help.
Vulnerabilities occur elsewhere. Might be useful if a gihub account of another distribution gets compromised and they need to be locked out until proven safe.
Just a suggestion going forward if other distributions would co-operate.
@stuart @vmstan yes, the information may be in the API & available via say nodeinfo, but Mastodon doesn't actually store data about instances, just the known accounts & domain blocks.
tbh, this would possibly be better done via an advisory list.